package com.cy.jt.sso.config;

import com.cy.jt.sso.util.WebUtils;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.access.AccessDeniedHandler;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;

/**
 * @author 木木
 * @Email 1194660762@qq.com
 * @date 2021-07-26 9:28
 */
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        //1.关闭跨域攻击
        http.csrf().disable();
        //2.设置拒绝处理器(不允许访问资源时,听过给出什么反馈)
        http.exceptionHandling().accessDeniedHandler(accessDeniedHandler());
        //3.资源访问(所有资源在本项目的访问不进行认证)
        http.authorizeRequests().anyRequest().permitAll();
    }

    /**资源访问被拒绝的处理器*/
    public AccessDeniedHandler accessDeniedHandler() {
        return (request, response, accessDeniedException) -> {
            //1.构建相应信息
            Map<String, Object> map = new HashMap<>();
            map.put("state", 403);
            map.put("message", "权限不足");
            //2.将相应信息写到客户端
            WebUtils.writeJsonToClient(response, map);
        };
    }
}
